2 個答案
- 最新
- 最多得票
- 最多評論
0
I suspect that the new instance is being launched in a private subnet and therefore the SSM agent on the instance can not reach the SSM service endpoint. You can solve this by using a VPC Endpoint. See: Creating VPC endpoints for Systems Manager.
If the instance is being deployed into a public subnet (the route table attached to the subnet has a route to an internet gateway), check that the instance has a public IP address. Also, if you are using NACLs, make sure the inbound/outbound rules allow this traffic.
0
Got the reason, I set the PermissionsBoundary which did not contain ssmmessages and ec2messages permission. This make session manager not working.
Add following:
- Effect: Allow
Action:
- 'ssm:*'
Resource: '*'
- Effect: Allow
Action:
- 'ssmmessages:*'
Resource: '*'
- Effect: Allow
Action:
- 'ec2messages:*'
Resource: '*'
已回答 2 年前
相關內容
- 已提問 6 個月前
- 已提問 6 個月前
- AWS 官方已更新 7 個月前
- AWS 官方已更新 2 年前